<meta
    http-equiv="Content-Security-Policy"
    content="
    default-src 'self';
    script-src 'self' 'nonce-EXAMPLE_SCRIPT_NONCE';
    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
    font-src 'self' data: https://fonts.gstatic.com;
    img-src 'self' data:;
    "
/>
